mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 08:59:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the

Browse source 
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
This commit is contained in:
Antoine Pitrou 2011-12-22 10:03:38 +01:00
parent 5ad1af076c
commit 0e576f1f50
7 changed files with 103 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

35
Modules/_ssl.c
View file

@ -1921,6 +1921,38 @@ load_verify_locations(PySSLContext *self, PyObject *args, PyObject *kwds)
Py_RETURN_NONE;
}
static PyObject *
load_dh_params(PySSLContext *self, PyObject *filepath)
{
FILE *f;
DH *dh;
f = _Py_fopen(filepath, "rb");
if (f == NULL) {
if (!PyErr_Occurred())
PyErr_SetFromErrnoWithFilenameObject(PyExc_OSError, filepath);
return NULL;
}
errno = 0;
PySSL_BEGIN_ALLOW_THREADS
dh = PEM_read_DHparams(f, NULL, NULL, NULL);
PySSL_END_ALLOW_THREADS
if (dh == NULL) {
if (errno != 0) {
ERR_clear_error();
PyErr_SetFromErrnoWithFilenameObject(PyExc_OSError, filepath);
}
else {
_setSSLError(NULL, 0, __FILE__, __LINE__);
}
return NULL;
}
if (SSL_CTX_set_tmp_dh(self->ctx, dh) == 0)
_setSSLError(NULL, 0, __FILE__, __LINE__);
DH_free(dh);
Py_RETURN_NONE;
}
static PyObject *
context_wrap_socket(PySSLContext *self, PyObject *args, PyObject *kwds)
{
@ -2050,6 +2082,8 @@ static struct PyMethodDef context_methods[] = {
METH_VARARGS, NULL},
{"load_cert_chain", (PyCFunction) load_cert_chain,
METH_VARARGS | METH_KEYWORDS, NULL},
{"load_dh_params", (PyCFunction) load_dh_params,
METH_O, NULL},
{"load_verify_locations", (PyCFunction) load_verify_locations,
METH_VARARGS | METH_KEYWORDS, NULL},
{"session_stats", (PyCFunction) session_stats,
@ -2505,6 +2539,7 @@ PyInit__ssl(void)
PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE",
SSL_OP_CIPHER_SERVER_PREFERENCE);
PyModule_AddIntConstant(m, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
PyModule_AddIntConstant(m, "OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE);
#ifdef SSL_OP_NO_COMPRESSION
PyModule_AddIntConstant(m, "OP_NO_COMPRESSION",